Cyber Security Threats Facing Businesses for 2016

It’s hard to believe that just a few years ago, cyber security was low on the list of priorities for businesses.

Today, now that many businesses are integrating remote data storage, mobile device management (MDM) and offsite data processing into their business, they’re giving cyber security a second look.

In 2016, the number of businesses moving to the cloud is predicted to grow. With this growth, comes new risks and viruses targeting businesses of all sizes, particularly small businesses, since cyber security is typically weaker when compared to larger businesses.

 

 Rise of the Mobile Workforce

The growth of the mobile workforce creates new paths and highways for criminals to gain access to sensitive company data.

There are *big risks (see below) you need to know about, whether your business accepts the * “bring your own device” (BYOD - see below) concept or issues standardized company devices to mobile employees.

Is there a network failure in your future?

 * Big Risks - Did you know…

• Within a 12-month period, the typical SMB will suffer 6 computer outages.

• The median cost of downtime for an SMB is ￡800 per day after a data-loss disaster.

• Only 23% of businesses backup daily, and among those with disaster preparedness plans, just 50% implemented a plan following a network outage or data loss.

• If a small business can’t resume operations within 10 days following a natural disaster, it probably won’t survive.

 

8 Risks and rewards of mobile device device management (MDM) Solutions

Want to cut costs and increase employee productivity? Jump on the BYOD bandwagon.

If you’re new to this growing trend, BYOD (Bring Your Own Device) is when a business allows employees to use personal devices at work. These devices might include smartphones, tablets, laptops or devices authorized by the company and supported alongside other business-owned devices.

* BYOD is Quickly Becoming the Rule, rather than Exception

 According to Gartner analyst David Willis, over 60% of employees globally say they’ve used a personal device at work, and Gartner predicts that nearly 40% of companies will go completely BYOD by 2016. With the rising trend of BYOD, it’s becoming the rule, rather than the exception in today’s workplace.

While BYOD is a great convenience to your employees, you need to consider how it will affect your network security before fully adopting it into your workplace. Whether you’re fully on board the BYOD trend or you’re still on the fence, here are the biggest risks and rewards you need to consider.

 BYOD Rewards

• Cost Savings: Companies like Cisco, VMware and Intel have claimed significant cost savings from BYOD. One reason for these savings is the reduction in new equipment costs like PCs, laptops along with ongoing software updates for these devices.

• Increased Employee Productivity: Naturally, the BYOD trend offers employees more freedom and flexibility over how they work. Rather than feeling tied down to a desk in a traditional workplace setting, employees can work from various mobile devices in any location they choose. In fact, a survey conducted by FlexJobs revealed that 20% of the 1,500 job seekers were willing to take a pay cut in exchange for more flexible work options and ultimately a better work-life balance.

• Access Files on the Go: No need to transfer files or email files to yourself. All files are updated in real-time, which is also great for collaboration and team environments.

• Monitoring Power: Set restrictions on company phones and monitor potential viruses, apps downloaded, how much data is used, etc.

• Time Savings for Techs: Rather than relying on IT techs to update their PCs, mobile device owners are more likely to update their own software, freeing up tech’s time so they can focus on issues that are more critical.

 BYOD Security Risks –  and How to Avoid Them

Opening the floodgates, throwing caution to the wind and allowing employees to bring in any device is obviously not a good idea. If you do adopt BYOD in your  workplace, you’ll want to invest in a Mobile Device Management (MDM) Solution to help you eliminate security risks and maintain control over your company data.

Risk  #1) -   Security Breach

When an employee leaves the company and takes his device with him/her, this presents the risk of a security breach.

MDM Solution: A Mobile Device Management solution ensures an employee does not still have access to important company data, once they leave the company. An MDM solution can automatically disable the employee’s account, which deactivates his access to the network along with any secure data.

 Risk  #2)  Lost Devices

Naturally, mobile devices encourage use of the device in public places. This poses the risk of sensitive company data ending up in the wrong hands.

MDM Solution: A Mobile Device Management Solution provides passcode and encryption enforcement, in addition to the ability to remotely locate, lock and wipe out sensitive company data from lost or stolen devices.

Risk  #3)-  Data Ownership and Policy Guidelines

In addition to defining how employees should use their mobile devices, it’s important everyone is on the same page in terms of data ownership. For example, if you intend to protect intellectual property, it’s not good policy to store corporate data alongside pictures of family reunions. Your BYOD policy should clearly define how company data is isolated on the device, along with what data is monitored on a regular basis.

MDM Solution: With any Mobile Device Management solution, Ontech Systems can also provide assistance in defining your company’s BYOD policy. There’s a fine line between maintaining employee satisfaction while securing control over sensitive data. If you don’t have a mobile device policy in place, without question, your network is at risk.

How Secure is YOUR Network?

From simple mistakes that put your company at risk to the rise in consumer grade file sync services in the workplace (like Dropbox), many businesses are still in the dark ages when it comes to network security. 

Don’t let a Network Failure Shut Down Your Business

If you want to know how your network would stand up against a data breach or disaster, one of the best ways to get a snapshot of the overall “health” of your network is through a network vulnerability assessment. We recommend these assessments be completed on a regular basis. This assessment offers you a comprehensive report on the areas of your network that are typically the most unsecured. Network vulnerability assessments are the key to closing security loopholes lurking within your network.

Conducting assessments on a regular basis helps to decrease the chances of a data breach within your company.

While network security assessments are important for all businesses, they are of particular importance if your company handles private personal information, credit card info, eCommerce, or you need to maintain compliance. This is a highly recommended, proactive step that I recommend you take right now.

 

What is Your Data Backup & Disaster Recovery Plan?

When many businesses consider data backup and disaster recovery, they have many questions, but at the top of their priorities is cost.  Since the cost of implementing a disaster recovery system can vary greatly, a better question to ask is “what should we budget for business continuity planning?” When making this decision, consider:

• What type of backup is required and how much storage will you need?
• How many users and devices do you need to maintain, back up and support?
• How quickly do you need to recover the data?
• How much does downtime really cost your business?

 

Data  Backup Solutions for your Businesses

While there are many data backup solutions available such as:

OnCloud Premium Data Backup and Disaster Recovery

OnCloud Premium Data Backup and Disaster Recovery can backup your information every 15 minutes. Does your business or healthcare organization need to comply with government regulations like HIPAA and Sarbanes-Oxley? OnCloud’s business continuity solution is compliant with these and other regulations.

Have you ever deleted or lost an email and months later need what has now become critical information? OnCloud’s email recovery feature for Microsoft Exchange Servers gives you the capability to retrieve the emails you thought were gone forever.

What if disaster strikes? Is your data safe and secure? 

Barracuda All-in-One Hybrid Cloud Backup Solution

Barracuda offers an affordable, all-in-one hybrid cloud backup solution, which is easy to set up and manage, and offers short RPOs (Recover Point Objectives) and RTOs (Recovery Time Objectives) with its Barracuda Backup solution.

The solution pairs an on-site appliance for storing local backups with cloud storage for storing offsite backups.  Barracuda Backup also meets HIPAA and/or Sarbanes-Oxley compliance.

 

Cyber Security in 2016

Online threats that existed over the past few years are not going away anytime soon.

Anti-virus programs and regular software updates are still necessary to fix and prevent problems. Firewalls and logins are still necessary to restrict access, but these things alone are no longer enough to prevent cyber-attacks.

A good layered cyber security strategy identifies each major risk and defines a way to neutralize each threat. Let’s look at the five biggest cyber security threats facing businesses today.

1)  Malware

Computer viruses and other harmful software can lurk in the background, stealing valuable data and extorting money from businesses.

When these programs infect your computer, they often make some parts of the system unusable.

What’s worse, they often remain hidden while harvesting your usernames, passwords and other valuable information. Malware has become sophisticated and proficient at luring employees into installing the software on business computers.

Simple instructions for employees to avoid opening attachments or downloading material from suspicious websites are no longer enough.

How does this work?

Recently a manager in an expanding business was hiring. She asked several candidates to email her resumes. When she tried to open one of the resumes, nothing happened.

A few minutes later, most of her data was encrypted and she was asked to pay ￡550 for the password to decrypt it. She didn’t notice the “resume” was not from one of the candidates and had inadvertently opened ransomware. Luckily, she had backups of her data and didn’t have to pay.

Don’t want this to happen to you? Start implementing new policies that guard against such sophisticated attacks and educate employees about the risk of cyber threats as soon as possible.

 2)  Vulnerabilities

Most software works well when employees engage in best practices when it comes to cyber security.

As long as they enter normal commands and data, everything is fine. Vulnerabilities crop up when an unexpected entry causes security to fail.

For example, did you know if you set the date of any recent iPhone to January 1, 1970, the phone will stop working? It’s true.

Devices can react in unexpected ways when someone enters an unusual command. Hackers exploit such bugs to get around security. They input unexpected instructions to disable security and bypass logins or firewalls.

Good security includes regular updates of all software. Even then, there is a risk until you install the updates. Extra layers of security can guard against such breaches when they are due to a single vulnerability.

 3)  Unauthorized  Access

Employees have access to your company network where they can see sensitive information and initiate actions to carry out operations. Just imagine if an outsider gained unauthorized access. How much could they harm your business? 

Today, a favourite method of gaining access to a network is through valid user names and passwords, obtained from employees, subcontractors or visitors under false pretenses. Such methods are often subtle and sophisticated.

What might this look like?

Picture this: A man poses as an existing new employee. He has inside knowledge that the employee was hired, so he calls the company IT department posing as the new employee and states, “I don’t know how to log in, can you help me?” The IT department promptly gives out the new employee’s user name and password over the phone.

Such tactics can happen if you don’t take additional measures by establishing company security policies and educating employees about these risks.

4)  Mobile  Devices

Smart phones and tablets in the workplace have paved the way for a whole new wave of network vulnerabilities that allow easy access into a company’s secure IT network.

What kind of vulnerabilities?

• Lost or stolen phones
• Mixing business with personal apps on personal devices
• Mobile devices can be infected with malicious software
• Incorrect operations can lead to loss of data.

Businesses face a tough decision – on one hand, they want to allow mobile employees to do their job but at the same time, they want to limit access to the data they need.

5)  Threats in the Cloud

Many suppliers of cloud services have good physical protection of their data centers and effective software security features.

They encrypt all your data to keep it safe.

But the reality is this – their personnel must have access to your data for normal data processing functions.

If a server breaks down in the cloud data center and the supplier’s service people fix the problem, they often have access to your unencrypted data.

When they run tests on the data, they may see it. If a hard drive has to be replaced, the data on the old drive is at risk. When you place your data into the cloud, it is critical to evaluate the services supplier’s security as well as your own.

When evaluating cloud service providers, there are several things to consider. 

Secure Cloud Storage - 5 things to consider 

There are several technologies and policies used for cloud computing. Consider these 5 key aspects of security when selecting a cloud storage provider for your business.

#1: Access Restrictions

Since data on a cloud provider’s service could potentially be accessed by an employee within the company, there should be safeguards in place that restrict access to the data and specify who can manage it.

#2: Encrypted Data

Data should always be securely encrypted, as long as it is in use by the cloud service. The data needs to be secured both on the server and when it is in transit to your network.

#3: Secure Data Transfer

When data is transferred between your cloud service and network, it should always travel on a secure, encrypted channel that is authenticated through industry standard protocols.

#4: Secure API Software Interfaces

Software interfaces known as API’s are used to interact with cloud services. Your cloud provider needs to integrate security throughout their service, from access control to activity monitoring.

#5: Data Separation Between Customers

Since cloud services share resources, “virtual containers” need to be in place for each of the provider’s customers to ensure each set of data is contained and secured.

Is the Cloud More Vulnerable than Your Own Business Network?

If you follow headline news stories about hackers targeting the cloud, you might think the cloud puts your data at risk. But how secure is the cloud compared to your own business network? This something few stop to consider.

The fact is, the cloud in and of itself, is secure, but it is susceptible to security measures that must be applied – just like your in-house IT infrastructure.

Just as one company’s network might not be as secure as another, one cloud service provider may employ more heightened security measures, while others may be missing one or more of the five considerations listed above.

In 2016, cyber security is topping the list of priorities for many businesses.

Larger businesses in particular are increasing their IT budgets to tighten up network security and maintain compliance.

But according to the National Small Business Cyber Security Study, most small businesses aren’t doing enough to protect their businesses from cyber security threats. These surprising statistics support this fact:

60% of small businesses don’t use any encryption on their wireless networks

Two-thirds of these businesses don’t have a security plan in place.

Nearly one-fifth of small businesses don’t use or have antivirus software.

With larger businesses buttoning up their security, cyber criminals are turning their attention to small businesses. It is more important now, than ever, to implement these 5 cyber security basics in your business – no matter how large or small.

Each business uses mobile devices differently. Through a *layered security approach, you can customize your solution and maximize the value of your mobile device management strategy.

Implement Layered Security

* What is layered security? A multi-layered defense strategy protects your network from a broad range of attacks through multiple levels of security. These layers may involve security measures at a system level, network level, application level or at the transmission level where security efforts are focused on data in use rather than at rest.

Swiss Cheese Analogy

To put it simply, think of layered security as multiple slices of Swiss cheese stacked side-by-side.

If a threat passed through one layer of defense, it must pass through several others – one security measure layered behind one another to prevent a single point of weakness.

A layered security approach ensures the highest level of security for your business.

2)   Establish a BYOD Policy

Mobile devices are susceptible to malware, malicious attacks and theft, particularly once they are outside the safety of your corporate network. If your staff uses personal devices in the workplace, it is important to have the appropriate level of mobile device management controls in place to protect your business against malicious attacks and security breaches.

While BYOD can reduce costs and increase employee productivity, it is equally critical to ensure these devices are secure, and to educate employees about how to best protect their devices in accordance with your BYOD policy.

 

 3)  Educate Staff

Many businesses believe their greatest asset is their people. When it comes to IT, this asset also becomes their greatest risk. Typically, businesses address security from a technology perspective, but it’s important to not overlook the human factor.

Look up any study conducted on the causes of security breaches. What you’ll find is a common thread – when internal risks are identified, they are often the result of human negligence, malice or curiosity.

If you want to secure your business – large or small – the first step is defining a layered security approach. The next steps involve establishing clear security policies, educating staff and enforcing those policies. Let’s look at these one-by-one.

Set Clear Policies: Define which employees have access to which systems – and in what context. Best practice is to only allow users access to those resources they need to do their work.

Additionally, be sure to block websites and applications that aren’t appropriate for the workplace. Your policy should cover what to do with suspicious emails (or text messages) and what steps to take if an employee suspects they opened an infected document or website.

Educate Employees: CompTIA revealed in a 2015 study that only 54% of companies offer cybersecurity training. Just a single click on a malicious email link is enough to unleash a virus that wreaks havoc on your entire network – resulting in expensive losses and extensive downtime.

When educating employees, discuss unsafe practices such as leaving computers unlocked and unattended in the office, sharing passwords, carrying sensitive information on mobile devices and failing to log out of secure websites.

Enforce Policies: Finally, you may want to require employees to sign a mandatory document that states they understand company security policies and their responsibilities.

Without enforcement, employees have no incentive to comply with company security policies. For the sake of security within the business, staff needs to be aware of the consequences of failing to comply with security protocols.

4)  E-mail Protection and Education -  Is the email real or fake?

Some phishing emails are easy to detect, while others might be a bit more difficult to decipher. One of the best ways to learn is through failure – and what better way to learn how to recognize malicious emails than through a Phishing IQ test?

Phishing Facts

........................................................

• 6.1 Billion - Number of phishing e-mails sent world-wide each month
• $1,200 - Average loss to each person successfully phished (Federal Trade Commission)
• 22,273 - Number of unique phishing attacks in June 2011 (Anti-Phishing Working Group)
• 28,148 - Number of phishing Web sites found in June 2011 (Anti-Phishing Working Group)
• US - The country hosting the most phishing sites (Anti-Phishing Working Group)

 

5)  WiFi (Wireless) Security

At the most basic level of wireless security, you’ll want to ensure your business WiFi is using WPA2 encryption. This may sound obvious, but you’ll also want to change your WiFi passwords (many businesses don’t).

If you want only legitimate users to access your network, combine this with EAP-TLS authentication, which is more suitable for a business environment because it uses certificates to validate users rather than just a password.

Finally, be sure to turn off WPS, a feature that makes connecting to your wireless network very easy using a short PIN or a click of a button. This presents a huge vulnerability – even if you are using WPA2.

IMPORTANT: Your WiFi should be protected from the rest of your network through a firewall because WiFi gives users access to your entire network – including your servers and confidential data.

 

 Additional Cyber Security Measures

These 5 steps are by no means a comprehensive list of the security measures your business needs to take in order to remain secure. There are additional areas of security to consider:

• Ensure you have network security equipment in place such as firewalls, intrusion prevention systems, virtual private networks and network access controllers.
• Keep all software up-to-date and remove inactive user accounts.
• Maintain backups of critical files and software – and regularly test your backups to ensure they work.
• Limit access to confidential, sensitive data.

 

A Customized and Integrated Security Solution

The best way to begin evaluating your security needs is with a network security assessment. Right now, there may be loopholes and vulnerabilities that are putting your network at risk – and you don’t even know it.